Privacy Policy

1. Introduction

DealFusion Tech Labs Ltd ("DealFusion", "we", "us", or "our") is committed to protecting the privacy of every user of our mobile applications and services. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use any of our applications, including but not limited to:

• DriveSwift (Car, Motorcycle, ADI, LGV/PCV, Instructor)
• Soothly
• LM Dating
• Postd

together referred to as the "Apps" or "Services". This policy applies to all platforms on which our Apps are available, including Apple iOS, Google Android, and our website at www.dealfusion.co.uk.

2. Information We Collect

The types of information we collect depend on which App you use and how you interact with it. We may collect the following categories:

2.1 Information You Provide Directly

• Account registration details: name, email address, phone number, password
• Profile information: photos, bio, date of birth, gender, preferences (LM Dating)
• Identity verification documents: government-issued ID, selfie/liveness images (Postd, LM Dating)
• Business information: company name, director/shareholder details, SIC codes, registered address (Postd)
• Payment and subscription information managed through Apple App Store or Google Play Store
• Communications: messages, support requests, feedback, survey responses

2.2 Information Collected Automatically

• Device information: device type, model, operating system version, unique device identifiers
• App usage data: features accessed, screens viewed, session duration, interaction patterns
• Performance data: crash reports, error logs, load times, app version
• Network information: IP address, mobile carrier, connection type (Wi-Fi/mobile data)
• Location data: approximate location derived from IP address (we do not collect precise GPS location unless explicitly stated and consented to)
• Push notification tokens for delivering notifications you have opted into

2.3 Information from Third Parties

• Apple and Google: subscription status, purchase receipts, account identifiers
• KYC/identity verification providers (e.g. Sumsub): verification results, risk scores, PEP/sanctions screening
• Analytics providers: aggregated usage metrics
• Social login providers (if applicable): basic profile information you consent to share

3. How We Use Your Information

We use your information for the following purposes:

• Provide and maintain our Services: create and manage your account, deliver app features, process transactions, and manage subscriptions.
• Personalise your experience: tailor content, recommendations, and learning paths (e.g. DriveSwift adaptive learning, LM Dating matching).
• Process payments: manage in-app purchases and subscriptions through Apple and Google billing systems.
• Identity verification: conduct KYC/AML checks as required by law (Postd, LM Dating).
• Communication: send service-related notifications, security alerts, updates, and promotional messages (with your consent).
• Safety and security: detect and prevent fraud, abuse, spam, and security threats; enforce our Terms of Service.
• Analytics and improvement: understand how our Apps are used, diagnose technical issues, and improve functionality and user experience.
• Legal compliance: comply with applicable laws, regulations, and legal processes.
• Customer support: respond to your enquiries, troubleshoot issues, and provide technical assistance.

4. Legal Bases for Processing (UK GDPR)

We process your personal data under the following legal bases:

• Contract performance: processing necessary to deliver the Services you have requested (account creation, app features, subscription management).
• Legal obligation: processing required to comply with UK laws, including Anti-Money Laundering regulations, data retention requirements, and tax obligations.
• Legitimate interest: processing necessary for our legitimate business interests, including fraud prevention, security, analytics, and product improvement, where these interests are not overridden by your rights.
• Consent: processing based on your explicit consent, such as marketing communications, optional data collection, and certain notification types. You may withdraw consent at any time.

5. How We Share Your Information

We do not sell your personal information. We may share your information with the following categories of recipients:

• Service providers and processors: third-party companies that help us operate our Services, including cloud hosting (Supabase), identity verification (Sumsub), payment processing (RevenueCat, Apple, Google), push notifications (Apple Push Notification Service, Firebase Cloud Messaging), analytics, and workflow automation (n8n).
• App stores: Apple and Google receive information necessary to process your purchases and manage subscriptions.
• Government and regulatory bodies: where required by law, such as Companies House filings (Postd) or in response to valid legal requests.
• Professional advisors: lawyers, auditors, and insurers where necessary for our business operations.
• Business transfers: in connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
• With your consent: where you have given explicit permission to share your data with specific third parties.

6. In-App Purchases and Subscriptions

Our Apps may offer in-app purchases and auto-renewing subscriptions. These are processed entirely through the Apple App Store (iOS) or Google Play Store (Android).

• We do not collect or store your credit card number, bank account details, or other financial payment information directly.
• Apple and Google handle all payment processing and are responsible for the security of your payment data in accordance with their own privacy policies.
• We receive confirmation of your purchase, subscription status, and transaction identifiers from Apple/Google to manage your access to premium features.
• Subscription management, cancellation, and refund requests must be handled through your Apple or Google account settings.
• Prices are displayed in your local currency as determined by the app store. Prices may vary by region.

7. Advertising and Analytics

• Some of our free apps may display advertisements served by Google AdMob. AdMob may use device advertising identifiers and cookies to serve personalised or contextual ads.
• You can opt out of personalised advertising through your device settings (iOS: Settings → Privacy → Tracking; Android: Settings → Privacy → Ads).
• We use analytics tools to understand app usage, track performance, and improve our products. Analytics data is aggregated and does not identify individual users.
• We may use Google Analytics, Firebase Analytics, or similar services. These services may collect device and usage data subject to their own privacy policies.

8. Push Notifications

We may send you push notifications related to our Services, including but not limited to: new content or features, subscription reminders, security alerts, account activity, and promotional offers. You can manage your notification preferences at any time through your device settings or within the App. Opting out of push notifications will not affect your ability to use the App, but you may miss important service updates.

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy or as required by law:

• Account data: for the duration of your account and up to 30 days after account deletion, unless longer retention is required by law.
• KYC/identity verification data: for 5 years after the end of our business relationship, as required by UK Anti-Money Laundering regulations.
• Transaction and subscription data: for up to 7 years for tax and accounting compliance.
• Usage and analytics data: up to 2 years in aggregated or pseudonymised form.
• Mail scans (Postd): according to your subscription plan retention period (1-7 years).
• Company formation records (Postd): up to 10 years to comply with UK company law.
• Marketing consent records: for as long as the consent is active plus a reasonable period to demonstrate compliance.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encryption of data in transit using TLS/SSL
• Encryption of sensitive data at rest
• Row-level security and access controls in our database systems
• Signed URLs with short expiry for document access
• Secure authentication with hashed passwords and optional multi-factor authentication
• Regular security assessments and monitoring
• Staff access controls and data handling procedures

While we take reasonable steps to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

11. International Data Transfers

Some of our service providers are based outside the United Kingdom, including in the United States and the European Economic Area. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or equivalent UK transfer mechanisms under the UK Data Protection Act 2018 and UK GDPR.

12. Your Rights

Under UK data protection law (UK GDPR), you have the following rights:

• Right of access: request a copy of the personal data we hold about you.
• Right to rectification: request correction of inaccurate or incomplete data.
• Right to erasure: request deletion of your personal data in certain circumstances ("right to be forgotten").
• Right to restriction: request that we restrict processing of your data in certain circumstances.
• Right to data portability: receive your data in a structured, commonly used, machine-readable format.
• Right to object: object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent: withdraw consent at any time where we rely on consent as the legal basis.
• Right to lodge a complaint: you may file a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of these rights, please contact us at support@dealfusion.co.uk. We will respond within 30 days. We may need to verify your identity before processing your request.

13. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to know: what personal information we collect, use, disclose, and sell.
• Right to delete: request deletion of personal information we have collected.
• Right to opt out: opt out of the sale or sharing of personal information. We do not sell your personal information.
• Right to non-discrimination: we will not discriminate against you for exercising your privacy rights.

To submit a request, contact us at support@dealfusion.co.uk.

14. Children's Privacy

Our Apps are not directed at children under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personal information from children. LM Dating and Postd are restricted to users aged 18 and over. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete that information as soon as possible. If you believe a child has provided us with personal data, please contact us immediately at support@dealfusion.co.uk.

15. Account Deletion

You have the right to delete your account at any time. To request account deletion:

• Use the "Delete Account" option in the App settings (where available).
• Email us at support@dealfusion.co.uk with the subject "Account Deletion Request".
• Visit the account deletion page for the specific app: LM Dating | Postd

Upon account deletion, we will remove your personal data within 30 days, except where we are required by law to retain certain records (e.g. KYC records for 5 years, financial records for up to 7 years). Active subscriptions must be cancelled separately through your Apple or Google account settings.

16. Cookies and Tracking Technologies

Our mobile Apps use minimal cookies and similar technologies. We primarily use session cookies and tokens for authentication and essential security purposes. Our website may use cookies for analytics and functionality. You can manage cookie preferences through your browser settings. We respect "Do Not Track" browser signals where technically feasible.

17. Third-Party Links

Our Apps and website may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party service you access through our Apps.

18. App-Specific Privacy Information

Some of our Apps have additional privacy considerations. Please also refer to:

• Postd Privacy Policy — additional details on KYC, mail handling, and company formation data.
• LM Dating Privacy Policy — additional details on dating profile data, matching, and safety.
• LM Dating Child Safety Policy — our commitment to preventing underage access and exploitation.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. When we make material changes, we will notify you via email, in-app notification, or by prominently posting a notice in the App at least 30 days before the changes take effect. Your continued use of our Apps after the effective date constitutes acceptance of the updated policy. The latest version will always be available at dealfusion.co.uk/privacy.

20. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us: